Identity fraud rise tied to smartphones

2012-02-22 22:28

New York - Nearly 12 million Americans were victims of identity theft in 2011, an increase of 13% over 2010, according to a new report.

The rise in the use of smartphones and social media by incautious consumers fuelled the increase in identity fraud, and 2011 was a year of several big data breaches too, said research firm Javelin Strategy & Research, which released the report.

With the rise in credit card monitoring and more sophisticated policing by credit card companies, identity thieves are increasingly targeting users of smartphones and social media, where consumers have a tendency to be less cautious, experts say.

"The message is not that people should let their guard down," Javelin founder and President Jim Van Dyke said. "The challenge that we have is that criminals often change faster than everyday consumers or businesses."

The number of people whose information was accessed in a data breach increased by 67% in 2011, largely due to some very high-profile thefts, such as the attacks on Sony Corp's PlayStation network in April.

Someone whose personal information is taken in a data breach is 9.5 times more likely to become a victim of identity fraud, Javelin found.

One heartening finding was that dollar losses by consumers remained stable last year despite the increase in the number of victims. Credit card issuers' policies on fraudulent transactions - a $50 limit on losses, which is often waived - and quicker detection has limited out-of-pocket costs to consumers, said Van Dyke.

For the past nine years, Javelin has been analysing data and survey information about identity fraud, usually defined as the opening of new accounts in the name of a victim.

For every advancement made on the protection side, consumers remain vulnerable due to the resourcefulness of crooks.

More crime

"They're doing more and more crime in order to get the same return," said Mike Urban, who analyses fraud patterns for Fiserv, a consulting company that helps financial institutions defend against crime and other risks. "It's pushing the criminals to work even harder."

In 2011, some of the biggest data thefts ever recorded took place. In the attacks on the PlayStation network, hackers obtained the personal information of tens of millions of users and the credit card numbers of some.

Also last year, hackers stole millions of names and e-mail addresses from Epsilon, the marketing division of Alliance Data Systems. That firm sends e-mail marketing information on behalf of major banks, retailers and hotels, among others. Citigroup also reported a large data theft.

About 7% of all smartphone users fell victim to identity fraud in 2011, according to Javelin. Smartphone users were about a third more likely to become victims than non-users.

Javelin found 62% of smartphone users do not use password protection for their home screens; this allows anyone who finds or takes their phones to have access to the contents.

Fiserv's Urban said downloaded apps are often a problem, too. The lure of a free game, particularly one not vetted through a company-operated site such as Apple's iTunes, can result in users having programmes that collect and distribute their personal information.

Javelin also found that many social media users reveal too much personal information, including their birth dates, where they went to high school, their phone number and other information used to verify identity.

"You don't leave your money lying on a table," said Urban. "You don't want to leave your important information out there."

To avoid becoming a victim of identity fraud Javelin suggests consumers password protect their home and mobile devices and avoid exposing personal information that can be used by someone else for identity verification.

It also suggested downloading apps only through a service that monitors the apps, such as iTunes, and to share information carefully on a public wifi network.

Credit cards should also be monitored for any suspicious transactions and data notifications should be taken seriously. If there has been access, consider subscribing to a credit-monitoring service, which is often offered for free for a year by the company that had been breached.